Approximately 2,000 client accounts, or 0.02% of Kraken's user base, were potentially viewed after two members of its support team accessed internal systems without permission. The company revoked the access of the employees involved in both incidents, the first of which occurred in February 2025. Kraken first identified the issue after receiving a tip about a video circulating on a criminal forum showing access to its client support systems.
Kraken Support Staff Breach Exposes 2,000 Users to Phishing
Approximately 2,000 Kraken customers are now susceptible to phishing attacks and targeted scams. Their personal data, including names and addresses, was provided to cybercriminals after customer support staff took photos and videos of internal client management platforms. The breach occurred across two distinct events: one in February 2025 and a second, more recent occurrence. A criminal group used these recordings to attempt to extort the exchange, which refused to negotiate. Chief Security Officer Nick Percoco stated that no systems were breached and funds remained secure. The exchange is working with federal law enforcement across multiple jurisdictions to identify the individuals involved.
A criminal group is now attempting to extort Kraken, threatening to release videos of internal systems and client data if the company does not comply with their demands. Chief Security Officer Nick Percoco stated that the systems were not breached and customer funds were never at risk.
Kraken Refuses Ransom After Insider Breach Exposes 2,000 Accounts
Two thousand Kraken clients face the risk of their private data being leaked on social media. The exposure occurred after two support employees were recruited by a cybercrime group to gain improper access to internal systems. These employees recorded videos of internal systems containing client support data for 2,000 accounts, or 0.02% of the user base. Kraken revoked employee access and strengthened controls following a tip in February 2025. A criminal group subsequently threatened to release the videos to media outlets and social media unless payment was made. Kraken refused to pay the ransom or negotiate. A criminal investigation is underway to identify and arrest the responsible individuals.
"Our systems were never breached; funds were never at risk; we will not pay these criminals; we will not ever negotiate with bad actors," Percoco wrote on X. Kraken is working with law enforcement across multiple jurisdictions to disrupt insider recruitment efforts and refuses to pay the extortionists.
Even secure smart contracts can’t protect users when the frontend is compromised
A compromised frontend can turn a routine token swap into a total wallet loss—even when the underlying smart contracts are secure. Blockchain security firm Blockaid has flagged CoW Swap’s primary website, cow.fi, as malicious following a suspected frontend attack, urging users to immediately revoke token approvals and cease interactions with the dApp. The alert confirms the cow.fi domain was hijacked, allowing attackers to serve malicious transaction prompts that could drain connected wallets. While CoW Swap’s smart contracts remain uncompromised, the breach targets user behavior: a single signed transaction on a fake interface is enough to trigger unauthorized transfers. Blockaid’s warning follows a wave of similar attacks on DeFi platforms including OpenEden, Curvance, and Maple Finance, all exploiting the same vulnerability—trusted websites turned hostile. Security experts emphasize that revoking token approvals limits future risk but cannot recover funds already taken. The incident reinforces a critical lesson: in DeFi, code audits are not enough. Users must verify URLs, use bookmarked links, and scrutinize every transaction, because the weakest link is no longer the contract—it’s the interface.